macOS Mojave Bug

Mr. Wardle announced the bug on Twitter and showed how he could bypass Mojave’s privacy protections. Any app could take advantage of the bug and gain access to sensitive information.

In the short video he provided, Mr. Wardle types commands into Terminal. First he opens the Address Book and clicks the Don’t Allow button to prevent access. Then he uses his app that exploits the bug and this lets him copy the entire address book to the desktop.

This is considered a zero day vulnerability since Mojave was just released to the public on September 24. Apple has yet to make a public comment regarding the bug, but will certainly patch it in a future update.